Working with Intel on a separate browser based issue, they had me clear out the browser cache. After clearing it out, the Intel site issue is still there, but the TechNet one is now working as it should:

The bits are there and on the way down! :)

Hopefully, this will be the build that will allow us to work smoothly on an SBS 2003 and SBS 2008 network. 7000 had some issues to get things configured and working with our existing SBS setups.

For those folks on the Windows 7 Beta under the Connect site, check it out as the links may be active there too.

We believe the hype is well warranted. And, from what we have seen with the in-depth feature demonstrations last night with Qixing Zheng, the operating system is going to bring our user’s productivity up significantly with the right training!

And, just in case you were wondering, Server 2008 R2 RC is also available:

We will be downloading this ISO to install onto one of our lab server boxes in Server Core mode with the Hyper-V and Windows Backup roles enabled. From there, we will see what kind of improvements there are if any! ;)

With the availability of the RC version of Windows 7 being available today on the TechNet and MSDN sites, this is what is happening … at least here:

Hopefully our subscription page will start working at some point as I am helping out at the Windows 7 Install Fest here in Edmonton tonight and it would be nice to have the most recent available build!

Wednesday, 29 April 2009

We are being asked to choose the best method for the MAPS content delivery.

Please take the minute to fill this one out as the folks that worked on the MAPS advisory committee, us being one of them, worked quite hard to come up with the best three options for all Action Pack subscribers.

We believe that the next generation Action Pack Subscription will be a lot easier on the environment and simpler to manage as far as the software and product keys.

Tuesday, 28 April 2009

Damir Bersinic and John Bristowe were presenting to our Edmonton Microsoft User Group this evening on Windows 7 and Windows Server 2008 R2.

A new feature that can be installed with Windows 7 Professional or Ultimate is XP Pro Mode. These OSs will be licensed for 1 instance. For those who have Windows Vista Software Assurance tied into the Microsoft Desktop Optimization Pack, the number of XP Pro Mode instances that can be run on a workstation covered by MDOP is 4!

Essentially, it is a VHD of Windows XP Professional that resides on the user’s system. Whenever there is a need for an application such as Internet Explorer 6 or a legacy application that will not run on a 64bit operating system or Windows 7 in general, they can be installed into the Windows XP Professional VM.

For the user, all they need to know is how to go to the XP Mode folder (exact name not known yet) under All Programs and click on that application’s icon.

They will be presented with the application’s “window” which will in fact be a TSApps session into the Windows XP Professional VM. Sound familiar to our Mac users? ;)

The solution utilizes a number of different virtualization and application delivery technologies to make sure the user can do their job without thinking about how things are working underneath it all!

The VM is somewhat manageable just as a Virtual PC 2007 VM would be. It can be connected to the local network via bridge, the Windows 7 workstation can provide NAT services for the VM so that it can access the Internet, or it can run without any network connectivity at all.

When bridged into the domain, and subsequently joined to the domain, the XP Pro VM will require the same considerations as any physical or Hyper-V based virtual machine running the OS would:

Patch management.

AntiVirus and Malware protection.

Group Policy structures for the VM and others like it.

Now, the above assumes a small network where there will be no centralized management of the XP Pro Mode VMs.

For larger organizations, the XP Pro Mode VMs are a part of Microsoft’s new virtualization product called Microsoft MED-V. The VMs can be managed down to almost the minutest detail.

We can see a use for Windows 7 XP Pro Mode for some of our clients that have Line of Business Applications that will not cooperate with Windows Vista or now Windows 7.

The catch is though, having these VMs on the client systems introduces another level of complexity, disaster recovery elements, and management needs.

Apparently the Release Candidate getting released for us on TechNet this Thursday and to the general public in the first week of May will have the ability to enable XP Pro Mode.

Both blogs are worth adding to the RSS Feeder. Though, the Windows Performance Team Blog is chock full of good information on the how and why of performance tuning the Windows OS.

The top two Engineering Windows 7 links came via the Performance Team Blog.

As soon as we have our hands on the new RC ISO, we will be moving my principle workstation to it along with one of our accounting VMs from Windows XP to Windows 7 to try QuickBooks out on it. And, if that does not work and the virtualized XP Professional is active in the new RC, we will be trying that new feature out.

It looks as though Microsoft has learned their lesson when it comes to providing value to the premium SKUs as the virtualized XP will apparently be available on Windows 7 Business and Ultimate versions. We suspect Enterprise will also get this treatment too.

Also, check out my fellow MVP Mitch Garvis: Talking About Windows 7. I was fortunate to be able to spend some time with Mitch during my time in Toronto (previous blog post). He is a very smart and very busy fellow! The video is just shy of 3 minutes. Have a look. Then, have a look at some of the other videos on the site too. There are some pretty good thoughts on the impact Windows 7 will have on their business.

Monday, 27 April 2009

When looking to deploy SBS 2008 into a situation where SBS will reside in the main office and there will be a branch office or offices.

If there are only a few seats at the branch offices, then a simple solution is the have SBS 2008 Premium at the main office with either a Terminal Server serving remote desktops or a Hyper-V box serving desktop OS based virtual machines.

The catch would be the requirements of the Line of Business (LoB) applications that are needed.

Using the Remote Web Workplace in this manner, we can eliminate the need for a server at the branch office.

If the Line of Business applications allow for Terminal Services installation, then another option would be to publish the LoB via Terminal Services RemoteApps. The user can get to the Lob app via RWW or via an icon on their desktop.

In either case, Scorpion Software’s AuthAnvil should be seriously considered to protect those TS Gateway sessions with another layer of security. The expense is relatively minor compared to the peace of mind we would have knowing that our client’s TS Gateway is protected.

For larger installations where there are a number of users at the branch office or offices, then a hardware based VPN setup would be a consideration. Keep in mind that bandwidth considerations and ISP stability are important when looking to a VPN as part of the overall solution.

A Read-Only Domain Controller on Server Core along with the needed Roles could provide local users with authentication, file, print, and centralized backup services. Server Core provides the opportunity to really slim down the needed hardware, or even repurpose existing server hardware for the branch office.

Install the full Server 2008 install, then WSUS can be installed on the branch office server and Group Policy can be customized to facilitate the local clients getting their updates from the local WSUS. This setup can be tweaked for more than one branch office with a server in each too.

Ultimately, our solution direction would depend on the client’s industry their LoB needs, compliance, retention, and remote access needs. It is our preference to have remote users connect via RWW and work with all data stored on the main office’s network.

This preference is due to the reduction in complexity that happens as a result of keeping everything relatively centralized. KISS (Wikipedia) is the operating principle behind our preference.

However, ultimately the solution we tailor will be with the client’s best interests in mind.

We will run through some actual configurations in our upcoming SBS 2008 Advanced Blueprint book too.

Saturday, 25 April 2009

As we all know, ISOs of Windows 7 in its various incarnations are available via Torrent or other peer-to-peer services.

For us, there is a substantial risk to our business and to our client’s business if we went ahead and downloaded and used any of those Windows 7 ISOs.

What are the risks?

How do we know that the code has not been altered in some way, shape, or form?

For many, the “what ifs” do not carry much weight.

For some, they may have an ability to dump the contents of the system’s memory once the OS was fully loaded and analyze it to see if anything surreptitious is there. For those that can do it, this may be a required step before using the OS and all of its features as a daily driver.

While we could isolate the installed OS in a VM and monitor its behaviour, at what point does the time and energy put into this discovery process make sense for our clients and for us?

Every decision we make when it comes to investigating new products, new patches coming down the pipe, new pre-release software, permitted production software updates, or any product that looks like it can become a part of our I.T. Solutions package need to be carefully vetted for risks and benefits.

To us, the risks are too high to trust an illegitimately downloaded ISO of Windows 7 or any other software product for that matter versus the “benefit” of working with a newer version of the product.

So, we will wait patiently for April 30th (previous blog post) and the ability to download the RC version of Windows 7 via our TechNet subscription.

As has been the case in the past, those of us with a TechNet subscription seem to gain access to new versions of products earlier than the general public.

We have kept our Windows 7 experiences to a minimum due to the extra time involvement getting things happening on our own SBS network. We have been running it virtually though, and it sure is quick and responsive in a VM.

This upcoming build will be finding its way onto the system I am working from now. There goes a half day! ;)

Wednesday, 22 April 2009

I am in Toronto. The flight in was somewhat uneventful … at least as uneventful flying in a tin can (previous post) can be. :)

I still have a few things to do for tomorrow’s presentation.

The someone in this post’s title is the cab driver that brought me to the hotel.

I don’t know how many times I, or others I know have left something in a cab and that was it. Whatever was left was gone.

Somehow, I had left the top of my SBSC backpack opened up enough that my HTC Touch Pro must have fallen out of the bag.

I did not notice until I needed my hotel confirmation code which was in an e-mail on the phone. Normally, by then the cab would be gone onto their next call in a hurry.

As I was turning around from the hotel check-in counter there was the cab driver reaching out to hand me my phone.

Now how about that!

It may, or may not, be a standard “practice” for this particular cab company to check the back seat after each fare.

When it comes down to it, this particular fellow showed an interest in the welfare of his charge by making sure nothing was left behind. That little courtesy earned him a visit to the lobby ATM as he well deserved the affirmation!

In this day and age, with the economic turmoil we are in, those folks that demonstrate an attention to detail, and a commitment to do what’s best for their clients, are the ones that will stay on top.

One of our non-profit clients is in the process of having their SBS 2003 Premium network migrated to SBS 2008. We needed the media for SBS 2008 OS as the install keys are not available on the eOpen Web site. Their original agreement was purchased through TechSoup at pennies on the dollar compared to our standard corporate client pricing.

The same is not true for our Open Value based clients and their SBS 2008 OS Software Assurance fulfillment as the Open Value program automatically ships any new OS versions of the product to our client while their agreement is in effect.

We put an inquiry into the eOpen folks to find out how we get the SBS 2008 media, and this is their response:

Hello Philip,

This is in response to your email regarding Windows Small Business Server 2008 Premium.

Thank you for your inquiry. Please be advised, due to the Key type, Windows Small Business Server 2008 Premium is not available as a Product Download. To ensure you receive the highest quality of service, it will be necessary for us to redirect you to our Fulfillment Department at (800) 336-0098 option 4 then 1, as they will send the Physical Media free of charge.

If we may be of further assistance, please feel free to contact our customer service center at (866) 230-0560. Our office hours are Monday-Friday from 5:00 AM to 5:00 PM Pacific Standard Time.

A call into the first 800 number and five minutes later the order has been placed and we will receive a confirmation e-mail once it ships.

This process was probably one of the smoothest Microsoft Licensing Software Assurance fulfillment we have had to date!

If a non-profit qualifies, check out TechSoup for their licensing needs. The prices there are significantly less than Microsoft Charity licensing. But, the qualifications are quite stringent, so be prepared to test the waters with TechSoup before proposing them as an option. It can be a big letdown to a non-profit client if they get their hopes up for ordering through TechSoup.org only to find out that their particular business focus disqualifies them.

When setting up a new SBS 2008, it is important to keep in mind that the schedule for the built-in SBS 2008 backup and the Volume Shadow Copy snapshots should not overlap.

When we schedule the SBS backup, we set the following times:

1200hrs (12PM)

1700hrs (5PM)

2300hrs (11PM)

For the Volume Shadow Copies we set a schedule that is based on the volume of data changes that happen at the client site. For sites that have a high volume of data changing on any given day during their peak season we will reduce the number of VSC snapshots.

A rule of thumb for scheduling the snapshots:

0817hrs (8:17AM)

1017hrs (10:17AM – Coffee/Tea break)

1217hrs (12:17PM – Lunch break)

1517hrs (3:17PM – Coffee/Tea break)

1817hrs (6:17PM – End of day)

We put the 17 minutes adjustment in as a just in case to avoid the snapshots running at the same time as any hourly scheduled tasks.

I will be in Toronto for tomorrow’s SBSC breakfast presentation on the SBS 2003 to SBS 2008 migration process (previous post). It will be a big picture view of the whole process with some pointers on the caveats and gotchas involved.

Due to the time frame of the presentation we will not be able to get too deep into the process. Though, we will be able to have a Q&A after the fact since the room will be free after our allotted time in it!

Tuesday, 21 April 2009

After running through the SBS 2003 source server preparation steps, configuring an Answer File for our destination SBS 2008 box, and running the SBS 2008 install routine with the Answer File on a USB flash drive we should see the following:

Now, once we have reached this point, we need to run some of the SBS 2008 Set Up Steps (previous blog post) that are situated before the Getting Started Tasks before carrying forward with the Migration Wizard.

This way we have the necessary SBS 2008 configuration steps in place before we move forward. We will see about putting together a guide for a successful migration as soon as we have run through a few of them successfully.

Due to the complex nature of the migration process, we need to speak from the experiences we have and will have migrating our current SBS 2003 networks.

The above screenshot was taken from a client’s new server we have on our bench. We have a ShadowProtect image restored to one of our lab servers so we can run the migration from start to finish to make sure that there are no hidden surprises as their SBS 2003 has been around a long time.

This particular client is just coming out of their peak season. We were not able to touch the server during business hours which for them were quite extended.

We will have a DRAC (Dell) remote management module installed on the server very soon so as to have out-of-band access to the box just in case there is any problems with updates.

We will also have the SBS OS DVD 1 in the optical drive so that we can recover the OS to the backup point we created just before running any updates.

With the DRAC, or its equivalent, we can do all of that from anywhere we have an Internet connection.

So, just how stable is SBS 2008?

In this case, the built-in SBS 2008 backup started showing a bit of strange behaviour as the server would bog down when it was initializing. We moved the backup to outside of their working hours and stepped up the Volume Shadow Copy frequency to compensate.

The server has been rock solid to date. We guesstimate that a reboot will be happening this coming weekend or the following one depending on the slow-down period for our client.

This will be our preliminary set up checklist for getting an SBS 2008 install configured once the base OS install has completed. This post will compliment what is in our SBS 2008 Blueprint book. It will also provide the foundation for a chapter in our upcoming SBS 2008 Advanced Blueprint book.

There will be some minor tweaks and modifications to this list as we go along with our installs. If things change a lot, then we will run a new post and call it V2. :)

For the most part, items in the list will be fleshed out in the SBS 2008 Blueprint book. Items that we have encountered beyond the book, will be addressed in existing or subsequent blog posts.

The following assumes that the server manufacturer’s prep disk was used to update the BIOS, motherboard firmware, RAID controller firmware, backplane firmware, and any other device’s onboard firmware prior to installing the SBS 2008 OS. The firmware update step is an absolutely critical one for the stability of the server.

Here is our list so far:

Install the manufacturer’s drivers.

RAID including RAID monitoring/status software.

Chipset.

Video.

NIC (Do not team). Unplug or disable any extra NICs for now.

GUI Customization

Windows Explorer.

Start Menu.

Notification Area.

Add a Desktop Toolbar to the Task Bar .

Internet Explorer .

Task Manager Process Column Customization.

Partitioning

RAID 1+0 is our default (4 disks) + hot spare. Name after the amount of storage is the drive label.

Change the initial domain administrator’s password if using an Answer File (remember to reset the DHCP credentials, and any Event Log event fired Task too). Note that if the admin account has not been logged off since changing the Password Policies, a log off and log on again will require a password change anyway.

One thing to keep in mind when it comes to checklists is that they are never meant to be a replacement for the materials they summarize!

It is very important to understand why the various steps need to be accomplished, how those steps can change over time due to changes in the operating system, the hardware configurations underneath the OS, and the technician’s own growth in experience and understanding.

The “why” leads to an ability to understand how things are going wrong when they do. Note that we are saying, “when” and not “if” things go wrong.

UPDATED 2009-05-11: V1.0.1 – Added a step and a few sub steps for Group Policy settings.

UPDATED 2009-05-14: V1.0.2 – Added the IE SBSUsers settings.

UPDATED 2009-05-19: V1.1.0 – Added some tweaks and changes to the existing steps.

Monday, 20 April 2009

We are through the gauntlet on this Swing migration and heading towards the home stretch!

The box we are working with is an IBM XSeries dual 3.4GHz with three new 146GB 15K SCSI U320 drives for a total of six.

The server's RAM was also bumped up to 4GB from 2GB.

Once through the Swing and with SBS fully installed and configured we have been very impressed with the speed of the reboots and boot ups.

We have other similar configurations out there with SATA based RAID arrays and this one just kills them performance wise.

There are four 10,000 RPM drives configured in a RAID 1+0 array for just shy of 300GB with two hot spares that were original to the box.

They just scream!

We learned that we needed to navigate IBM's awesome support site to find the ISO containing a utility to configure that RAID array in a not so intuitive way ;)

We also learned that the IBM all in one update utility actually does a good job bringing all of the Windows drivers up to date. There was also another utility that creates a bootable USB flash drive to update the system's firmware components.

Now that we are through the production run of the Swing, the test run we did last week sure has paid off. The main concern now is Group Policy tattoos and some of the Line of Business applications that may not adjust.

Friday, 17 April 2009

In order to get Windows Vista to successfully restore from any imaging based backup solution, the Boot Configuration Data (BCD) needs to be reset to a generic setting before creating the image or the OS will not restore properly.

We have a ShadowProtect image of one of our client’s SBS 2003 Premium RTM boxes that we are using to run through the SBS 2003 to SBS 2008 migration process with.

This SBS has been around for about four years or so. As a result, we wanted to run through the Microsoft migration method to see if there are any unforeseen hiccups with their setup or Line of Business applications.

So, we used the Hardware Independent Restore feature of ShadowProtect to restore the image to one of our lab server boxes. The restore process and the subsequent old server device cleanup (previous post) while in Safe Mode after the restore went as well as expected.

Once the OS had finished its boot after the cleanup, there were all kinds of problems though. Their source was the lack of NICs showing in Network Connections.

The Device Manager showed the Intel NICs, the teaming driver setups, and the NIC Team, but they were not showing up anywhere else.

It took a while to figure out how to break the team as any attempt to access the NICs in the Device Manager or work with the Intel driver software would result in a perpetual hour glass.

The old server setup has three NICs installed. There are the two onboard NICs teamed along with an add-in NIC that is used to connect to the Internet.

We ended up needing to reboot into Safe Mode and disabling any of the Intel software driver NIC components (MiniPorts, etc) and the like in the Device Manager leaving only the physical NICs enabled. We also set the Exchange and ISA services to manual so that they would not drag the box down during boot up as no IP addresses would be in place yet.

After rebooting the box into the SBS OS we finally had the two NICs showing up in the Device Manager and the Network Connections folder. We then reinstalled the current Intel ProSet drivers.

From there, we set one NIC with the SBS internal IP and in the other we set an IP to work with one of our routers that has direct access to the Internet. We did not need inbound Internet traffic, but we did need the Internet connection for the migration process.

We reset the Exchange and ISA services to automatic, restarted the ISA services only and reran the Configure E-mail and Internet Connection Wizard to set the new Internet subnet into ISA.

A reboot later and we had a happy Exchange with full mailbox access and ISA was working as expected. IE brought up a Web site as a test for Internet connectivity.

Now, we will image the box so as to have a place to fall back to in the event we have a failure during the initial migration process steps. We will keep imaging the old SBS box with incremental images until the process is finished, or we need to step back and figure out where things went wrong.

We will use the built-in SBS 2008 backup to keep a fallback for it.

IMPORTANT:

For any production SBS box image that is restored to a lab server setup or VM setup needs to have the POP3 Connector disabled before Internet connectivity is turned on!

Thursday, 16 April 2009

The deeper into the test Swing we go, the clearer it becomes that we need to Swing the actual production environment.

There are so many things going on in the background, from the Terminal Server that runs their proprietary accounting LoB, to the Linux box that they are going to deprecate at some point that has their old accounting system on it.

Going with a completely fresh SBS install is looking more and more prohibitive due to all of the “customizations” that we are seeing as we go through the Swing steps.

While we will be able to tidy up Group Policy, DNS, and have functional SBS Wizards and features like the Companyweb and Remote Web Workplace, we will not be able to tighten up the security structures as we had hoped, and we will not be able to restructure much in the SBS domain.

While there are still some unknowns that may rear their heads and try to bite us, the Swing Migration is giving us the confidence we need to come through this coming weekend and the actual Swing Migration with a fairly stable SBS and users that find everything working as expected … we hope! ;)

Once we uninstalled the update and rebooted the server, the Companyweb site came up just fine on the SBS 2008 box. Looks like we will be declining this one on our other SBS 2008 installs until things are ironed out and the update takes properly.

The deeper we are digging into this the more and more it may be a good idea to start fresh and work the client workstations from there.

But, we have committed to the business owners to run through the Swing test anyway, so we are well into it now.

The existing SBS was imaged using ShadowProtect and has been restored to one of our lab servers using the Hardware Independent Restore feature. We cleaned up the IBM XServe hardware pieces in the Device Manager and made sure that the lab server hardware drivers were installed and stable.

We are running a portion of the Swing virtually with the NewSBS ending up on the same lab server we have the restored SBS on now which is a Swing Off and Swing On again.

On this particular SBS network there is a Terminal Server. So, we took an image of it as well as one critical workstation. We are restoring both images to VMs running on Hyper-V Server 2008 (yes, we got it up and running though with no add-in RAID controller).

When we went to boot from the ShadowProtect I.T. Edition ISO in the VM, the WinRE would choke on the networking portion of the ShadowProtect startup routine. We ended up needing to uninstall the standard Hyper-V NIC and use a Legacy NIC to get things rolling. We were using the Windows Vista WinRE version too.

We placed the two ShadowProtect images on a network share to run the restore process in the Hyper-V based VMs using drive mapping feature in the ShadowProtect recovery environment.

When it comes to restoring an encrypted ShadowProtect image that is password protected using AES 128bit security, CPU crunching capabilities and GHz speed sure make a huge difference on the restore times.

The process to version up the QuickBooks (QB) database manager that resides on SBS or another file server on the network will require the old version to be uninstalled first. The new version does not uninstall any previous versions for us.

The first thing to do is to make sure to check the Services.MSC on the server to shut down any relevant QB services:

Intuit QuickBooks FCS

QuickBooks Database Manager Service

QuickBooksDB17

Then, uninstall the current QB Database Manager from the server via the Programs and Features menu under the Control Panel. Once that is done, remove the previous version’s QBDataServicesUserXX from Active Directory:

QB 2008 and QB 2009 Db Service User

Note that we are moving from QB 2008 Non-Multicurrency to QB 2009 Non-Multicurrency in this case. So, we deleted the QBDataServiceUser17 user account.

The previous version’s folder will also need to be removed after the uninstall routine has finished from two locations:

QB 2008 previous version folder after the uninstall process

And:

Program Files (x86)\Common Files\Intuit\QuickBooks

The second screenshot above shows files located under the Common Files folder. However, the uninstall routine will actually remove most of them.

Once the previous version of the database manager has been completely cleaned off, run the install from the QB 2009 CD and choose the server only install.

Note that once the install is complete, QB connections to the server will not work until the Windows Firewall with Advanced Security rules allowing the inbound QB database connections are updated with the new path:

QB 2009 SBS 2008 firewall rules updated

Make sure that there are no users with QB 2009 open on their workstations while running the uninstall and install process.

Once the base database manager has been installed, open it and click the Updates tab. Click the link to be taken to QuickBooks’ support site and download the most recent Rx version. Install that update and verify that the QB services are up and running in Services.MSC.

Have one user open their newly installed and updated QB. We run the activation and updates on one of the trial company files supplied by Intuit. From there, a backup of the existing QB company file will be run by the update utility prior to updating the company database files. We make sure to fire off an incremental ShadowProtect image or a Volume Shadow Copy snapshot prior to this stage.

Once they have successfully updated the company database files, have them switch to Multi-User mode. This will verify that the database manager is receiving connections and functioning as expected. This step is critical, because if something is not syncing properly, that problem may not show itself until there is a need for Multi-User Mode which relies on the database manager.

Also, when it comes to installing QB on the workstations, install the Standard Stand-Alone version only. It is not a good idea to install the Hosted Database version since the QB files will be residing on the server.

Intel, Dell, and other manufacturers use LSI boards as the foundation for their RAID controller offerings.

How this purchase pans out for the RAID controller market has yet to be determined. We do hope that the 3ware products live on since they are as good as the Intel/LSI products we deal with and competition is a healthy thing for manufacturers and for our clients and us.

For us, Intel/LSI are the RAID controllers of choice. We have had great success with Intel’s cards over the years. So, we will continue to stick with them.

The only other RAID controller we would look at for specialized applications would be by Adaptec. Though that need has been virtually nonexistent for a few years now.

We went through one of the toughest recovery processes ever last year at this time.

The SBS had a catastrophic RAID array failure based on bad sectors that did not show up until a reboot for updates.

The slow corruption of the drive data found its way into the ShadowProtect backup images as well. Though, we were fortunate to have support via the StorageCraft forums on how to mount the image and run some clean-up utilities after the fact.

We had ended up managing to recover the SBS back here in the shop after we had moved the desktop clients over to their backup DC and mirrored shares. They were at least functional while we ran the recovery.

Note that it is a rather long read as it covers the full gamut of the recovery process including all of the roadblocks presented by having a second DC on an SBS domain. There are a lot of pearls (Lieutenant Colonel Frank Slade) in that post! ;)

Even with all of the hiccups on the road to recovery, the only problem our client had the Monday morning we had Swung (SBS Migration) in the new hardware based SBS was with two users who had happened to have changed their passwords during the previous week while SBS was offline.

Monday, 13 April 2009

While inserting a memory upgrade into one of our lab boxes, I pivoted the stick into the slot instead of sliding it straight down into its seat.

That first pivot caused a snap sound that was immediately recognizable as a soldered joint letting go.

Then, to top it off, the without thinking, the second piece went in the same way and I was greeted with the same sound.

The registers are sitting just to the left of the memory sticks in the above screenshot.

And, no, they will not be RMAd since I am responsible for killing them.

We are fortunate that the RAM is not that expensive, but even then, this is still a costly lesson to have.

The need to focus on what we are doing when it comes to the more intricate hardware procedures, such as installing RAM (what happens when a slight sideways pressure causes the stick to rotate? I am sure we have some readers that know … as do I) is of utmost importance when we are working on production systems.

This focus is even more important when we are running through a series of complicated steps for a server setup, upgrade, or operating system reconfiguration. One mistake can lead to an error that can ultimately put our clients out of business until we restore.

Having a lot of things on one’s plate does not count as an excuse when things go wrong at our own hands. Either trying to rush things, or thinking about the next task on the to do list, does not work when we are doing something intricate.

So, it is time to take a series of very deep breaths and focus the mind on the task at hand … and to let go of the frustration of the moment! ;)

Overview

Volume 6 of the SIR focuses on the second half of 2008 (from July - December) and builds upon the data published in the previously released volumes of the SIR. Using data derived from hundreds of millions of computers worldwide, and some of the busiest online services on the Internet, this report provides an in-depth perspective on trends in software vulnerability disclosures as well as trends in the malicious and potentially unwanted software landscape, and an update on trends in software vulnerability exploits.

It used to be that programs installed along with updates that were installed on SBS were listed in the Add/Remove Programs. We needed to put a check mark to Show Updates in the installed programs list.

Now, the installed programs and updates have been separated.

To uninstall an update, we need to go into the Installed Updates list, right click on the update and Uninstall it.

Saturday, 11 April 2009

The system came back to us a couple of days ago due to a RAID array error message.

Nothing out of the ordinary was going on when the system spontaneously locked up on the user.

The RAID array consists of four (4) 150GB Western Digital Raptor drives configured in a RAID 1+0 (BIOS indicates 0+1 which is incorrect).

Of the two pairs, one in each managed to survive the array malfunction. Thus, the array and subsequently the OS survived the failure. We were able to boot into Windows Vista with no issues.

The puzzling aspect of getting things back together was how to reset the two failed drives.

We had taken the drives out of the system and ran the Western Digital utility that does an extensive disk scan and both came up error free.

The RAID BIOS does not make it too clear how we need to reset the failed array members either.

We ended up deleting the entries in the RAID BIOS array management for the two drives that were in error state. Once we did that, they appeared as available and we were able to add them back to the array by highlighting them and setting the array into rebuild mode. Remember, all we are doing is adding the second drive that will mirror the original drive in the RAID 1+0 array (nVidia calls it RAID 0+1 in the BIOS).

The catch to an array rebuild on this setup is that we need to boot into an OS before the rebuild starts.

When we went to reboot, Windows Vista complained about missing NLS data. So, something had changed with the resetting of the “failed” drives.

We booted into the ShadowProtect Recovery Environment to verify that everything was intact on the C: drive, which it was, but we were not able to get any further. We tried copying the NLS files over but that did not work.

So, we deleted the array in the RAID BIOS, recreated it, and attempted to restore our ShadowProtect image that we took just prior to messing around with the system. That restore attempt failed.

We had not run the preparation step indicated in the above blog post on the Windows Vista OS so we ended up needing to rebuild the box from scratch.

Once the box had been fully installed, one of the hard drive array members choked and caused the system to lock up. Perhaps we have finally found the culprit of the original array failure! We changed that drive out for a new drive using the array delete and create process and are now well into a burn-in process with no hiccups.

This time, we ran the above prep steps and then imaged the system using ShadowProtect before breaking the RAID array. We were able to then successfully restore the Windows Vista OS.

The failed drive in this case was not a part of the original pair of “failed” drives. Hopefully we now have the source of the problem. The burn-in will continue to run until our client picks up the box late Monday afternoon.

The burn-in produced no array failures and our client was happy with the system when we followed up at the end of last week.

When we do a message tracking trace on for the user, the results show the Return Path as it should be UserN@TheirDomain.com, yet the above is on any e-mail they send out.

We have not yet applied Exchange 2007 Rollup 7 for SP1 to any of our other SBS 2008 boxes yet. It seems that default SBS 2008 installations should take the update with no issues as there has been very little feedback indicating otherwise.

Now that we know what caused the problem, it is important to know that Exchange 2007 SP1 Rollup 7 should notbe applied in cases where there are hidden mailboxes!

The only option we have now is to uninstall RU7, reinstall RU6, and we will be able to keep those addresses hidden. Thanks to Chris Puckett of Microsoft (Live Search) for pointing us in the right direction!

The problem will be fixed with Exchange 2007 Service Pack 2 according to the KB969690 article.

When we do a message tracking trace on for the user, the results show the Return Path as it should be UserN@TheirDomain.com, yet the above is on any e-mail they send out.

We have not yet applied Exchange 2007 Rollup 7 for SP1 to any of our other SBS 2008 boxes yet. It seems that default SBS 2008 installations should take the update with no issues as there has been very little feedback indicating otherwise.

We are fortunate that we have not yet had a data recovery to attempt on these new drives that stack the bits up on the platters.

The old drives had a single bit on the platters that made things relatively easy to work with when the bits destabilized and sectors went bad with the subsequent cascade effect killing adjacent sectors. Think pizza with the dough/sauce as the platter and only pepperoni as a topping (storage bits) for this previous generation storage technology.

Once the bits start destabilizing on these new drives, a bad sector is not just a set of bad single bits, it is a stacked set of bad bits. Think deluxe pizza with pepperoni, mushrooms, triple cheese, and fresh tomatoes all stacked up nice and neat. There is a lot more data to lose in the same area.

Armed with this knowledge, it is extremely important that our clients realize that their data must be backed up. Using the above pizza analogy as the foundation to give the business owner a visual concept without the GeekSpeak we can make things pretty clear. Lose a quarter of that deluxe pizza, and there is very little likelihood that data will be recoverable.

It goes without saying for us that the data should be backed up, and fortunately all of our clients are in an excellent recovery position, but for some reason we encounter many businesses that have little or no backup structures and absolutely no disaster recovery planning in place.

A panicked phone call from someone about their data being lost is one of the most painful calls to field. It can be even more painful when we find out that there are no backups in place, and the drive is seemingly inoperable.

With the advent of Cloud storage, inexpensive USB hard drive storage, or even external eSATA RAID capable systems that can be used to hot swap one of the mirrored pairs of a RAID array, there really is no excuse to taking a risk with one’s business or cherished digital memories.

A hard drive, whether standard spindle based or SSD, is a physical device with moving parts. Moving parts mean wear and tear as well as the possibility of failure sometimes sooner than later.

SBS 2008 presents us with a number of great opportunities for our clients and our own business. We will spend a little time with those opportunities along with a look at the SBS 2008 migration process.

Subscribe via email

Twitter Feed

About Me

Our primary IT vertical is accounting firms since 1998. From accounting app support through to highly available solutions for accounting firms we've got it covered. I'm a Microsoft MVP since 2009. First on SBS and then starting in 2014 on Cluster.